Custom JSON Attack
This week, we experienced a new type of spam attack that hindered the normal functioning of the Steem blockchain servers: seeds, witnesses and RPCs. I had written a script to monitor all my servers and got an alert as soon as the incident started. I immediately scrambled to investigate, it was late in the afternoon.
It began with unusually high latencies on some servers, which corroborated with what other witnesses were experiencing. Soon enough, a spammy custom json started to show up in the logs à la Matrix, while causing many other transactions to expire. I won't discuss the details of this in order to not give ideas to malicious users. For some reason, some servers couldn't cope well, then stalled after being hit with the repetitive spam. Other servers weren't affected at all.
Being available, for hours after the incident started, I was able to closely monitor and manage my servers to restart them as needed when/if they stalled.
Steemit developers were notified and within 24h they provided a fix. However, before the release of a final stable fix, I helped in testing it on some of my servers. When the stable version was done, I was promptly and fully updated, without interruption to my block production. Many witnesses also updated to mitigate any future attempts of this attack type. While the working fix was still under the 0.19.2 version, an additional tiny PR was added later to indicate version 0.19.3. I'm proud to say (without bragging) that I was the first one to upgrade to the final 0.19.3 version :)
Thanks to the Steemit team for quickly dealing with this issue, as they always did with critical incidents. And thanks for the witnesses who helped in testing the patch.
If you're a witness using the dockerized setup and haven't patched your servers yet, you can check this post @someguy123/important-update-steem-in-a-box-for-v0-19-3-steemfeed-js-update
Servers Tinkering
For the last month, I've been busy tinkering with different RAM, zRAM, swap configurations on different VPS providers and at home. In fact, I recycled my old computer and rebuilt it for local testing. I will make a more detailed post about it later. Rest assured, my main witness node is a dedicated server with 64GB RAM that has been running quite well so far. Currently, I have 5 servers in total, for a higher backup redundancy, with different configurations and locations, including the seed.
Note that the blockchain file is now over 100GB (and keeps growing).
Witness Parameters
- My APR and bias are at 0%.
Miscellaneous News
- I'm currently at Rank 25. Thanks to all my supporters. Only 7 missed blocks since I started witnessing 9 months ago.
- I've been actively engaged with @the-resistance since it started, to counter and expose @grumpycat aka @madpuppy abuses. Join us if you'd like to participate in our cause.
- I'm still a member and delegator of the @minnowsupportproject. I recently bumped my delegation to @youarehope.
- I'd like to thank @wackou for his continuous support for me and his generous increased delegation.
- I continue to help users and witnesses on Steem.Chat.
- There's been an improvement in the stuck accounts, since the new Steemit signup faucet was implemented in March 2018. These are the stats of the users I processed on Steem.Chat:
| Month | Cases |
|---|---|
| Nov 2017 | 41 |
| Dec 2017 | 126 |
| Jan 2018 | 373 |
| Feb 2018 | 784 |
| March 2018 | 474 |
| April 2018 | 136 |
| TOTAL | 1934 |
Security Reminder
Phishing websites are still around and users are still falling for it. Sometimes more than once!
Use the Posting key to login for your daily blogging activities.
Here are my commandments:
DO NOT USE YOUR PASSWORD AT ALL, FORGET YOU EVEN HAVE IT
DO NOT PASTE YOUR PASSWORD ANYWHERE OUTSIDE STEEMIT.COM
DO NOT GIVE YOUR PASSWORD TO ANYONE
STORE IT OFFLINE AND DO NOT LOSE IT
Use the password ONLY for doing critical tasks, like account recovery or keys change.
Check out those quick guides about the different keys and the security of your account:
Together we make Steem better.
Check out Steemian.Info, the concise information resource about the Steem blockchain
Proud member and supporter of @the-resistance
Join us on https://discord.gg/qMWCbWR
Proud member and delegator of the @minnowsupport project
Join us on https://discord.gg/GpHEEhV
Available & Reliable. I am your Witness. I want to represent You.
🗳 If you like what I do, consider voting for me 🗳
If you never voted before, I wrote a detailed guide about Voting for Witnesses.
Go to https://steemit.com/~witnesses. My name is listed in the Top 50. Click 
once.
Alternatively you can vote via SteemConnect
https://v2.steemconnect.com/sign/account-witness-vote?witness=drakos&approve=1